ABSTRACT

A complete system for the purchasing of goods or information over a
computer network is presented. Merchant computers on the network
maintain databases of digital advertisements that are accessed by buyer
computers. In response to user inquiries, buyer computers retrieve and
display digital advertisements from merchant computers. A digital
advertisement can further include a program that is interpreted by a
buyer's computer. The buyer computers include a means for a user to
purchase the product described by a digital advertisement. If a user has
not specified a means of payment at the time of purchase, it can be
requested after a purchase transaction is initiated. A network payment
system performs payment order authorization in a network with untrusted
switching, transmission, and host components. Payment orders are backed
by accounts in an external financial system network, and the payment
system obtains account authorizations from this external network in
real-time. Payment orders are signed with authenticators that can be
based on any combination of a secret function of the payment order
parameters, a single-use transaction identifier, or a specified network
address.

11 Claims, 16 Drawing Sheets
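
The authenticator checks summarized in the abstract, as an added example that is not part of the patent text: a payment computer verifies a keyed authenticator over the payment order parameters, refuses a reused nonce, and enforces per-sender address restrictions. HMAC-SHA256, the JSON encoding, and all names (`PaymentOrder`, `PaymentComputer`, `merchant-63`, the key and the addresses) are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass, replace


@dataclass(frozen=True)
class PaymentOrder:
    sender: str
    beneficiary: str
    amount_cents: int
    nonce: str             # sender-unique nonce, e.g. a unique timestamp
    delivery_address: str  # network or street address for fulfillment


def canonical_bytes(order):
    # Fixed key order and separators so client and payment computer
    # authenticate exactly the same bytes.
    return json.dumps(asdict(order), sort_keys=True,
                      separators=(",", ":")).encode("utf-8")


def make_authenticator(order, key):
    # Assumption: HMAC-SHA256 plays the role of the "secret function of
    # the payment order parameters"; the patent text names no algorithm.
    return hmac.new(key, canonical_bytes(order), hashlib.sha256).hexdigest()


class PaymentComputer:
    """Hypothetical payment computer: authenticator, nonce and address checks."""

    def __init__(self, credentials, addresses):
        self.credentials = credentials  # sender -> shared secret key
        self.addresses = addresses      # sender -> {"client": set, "delivery": set}
        self.used_nonces = {}           # sender -> nonces of accepted orders

    def check(self, order, authenticator, client_address):
        key = self.credentials.get(order.sender)
        if key is None:
            return (False, "unknown sender")
        expected = make_authenticator(order, key)
        # Constant-time comparison; bytes so non-ASCII input cannot raise.
        if not hmac.compare_digest(expected.encode(), authenticator.encode()):
            return (False, "bad authenticator")
        if order.nonce in self.used_nonces.get(order.sender, set()):
            return (False, "nonce already used")
        allowed = self.addresses.get(order.sender)
        if allowed is not None:  # address restrictions are optional per sender
            if client_address not in allowed["client"]:
                return (False, "client address not authorized")
            if order.delivery_address not in allowed["delivery"]:
                return (False, "delivery address not authorized")
        # Burn the nonce only on acceptance, so a copy submitted from a
        # rejected address cannot block the genuine order.
        self.used_nonces.setdefault(order.sender, set()).add(order.nonce)
        return (True, "accepted")


def demo():
    # Constructed sample data: key, principals and addresses are invented.
    key = b"constructed-demo-key"
    pc = PaymentComputer(
        credentials={"alice": key},
        addresses={"alice": {"client": {"192.0.2.10"},
                             "delivery": {"192.0.2.10"}}},
    )
    order = PaymentOrder("alice", "merchant-63", 100,
                         "1993-12-02T14:32:00Z", "192.0.2.10")
    auth = make_authenticator(order, key)
    first = pc.check(order, auth, "192.0.2.10")
    replayed = pc.check(order, auth, "192.0.2.10")
    # Attacker raises the amount but cannot recompute the authenticator.
    tampered = replace(order, amount_cents=100000, nonce="1993-12-02T14:33:00Z")
    forged = pc.check(tampered, auth, "192.0.2.10")
    # Authentic order, fresh nonce, but sent from an unlisted client address.
    order2 = replace(order, nonce="1993-12-02T14:34:00Z")
    elsewhere = pc.check(order2, make_authenticator(order2, key), "203.0.113.7")
    # The same order from the listed address still goes through afterwards.
    retry = pc.check(order2, make_authenticator(order2, key), "192.0.2.10")
    return [first, replayed, forged, elsewhere, retry]


if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```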

SHUTTLE HUBBLE (Houston)- Arriving for a house call 357 miles above Earth, the
astronauts of the space shuttle Endeavor on Saturday reached out with a
mechanical grappling arm and easily snared the Hubble space telescope and
prepared to treat the crippled spacecraft in five days of the most
complex orbital repairs yet attempted.
By John Noble Wilford

HEALTH-ALLIANCE (Washington)- If the Clinton health plan becomes law, it will put
a new institution into the lives of most Americans: the health alliance. Almost
no other aspect of the plan is so little understood or so radically different
from the status quo. By Robin Toner.

GAMBLING (Las Vegas)- The newest perspective on the booming national industry
of legalized gambling is now open for business: futuristic virtual-reality
rides to soothe the losers' souls, just up the theme park escalator from
acres of the latest video slot machines. By Francis X. Clines.

TROUBLED HUBBLE SPACE TELESCOPE
PULLED IN BY SHUTTLE FOR REPAIRS 

By JOHN NOBLE WILFORD 

The New York Times (Copyright 1993 The New York Times)

priority: Urgent 

date: 12-04-93 1712EST 

category: Domestic

subject: BC SHUTTLE HUBBLE ART 

HOUSTON- Arriving for a house call at 357 miles above Earth, the astronauts 
of the space shuttle Endeavor reached out Saturday with a mechanical 
grappling arm and easily snared the Hubble telescope. 

The orbital retrieval paves the way for the shuttle's astronauts to treat 
the crippled spacecraft in five days of the most complex orbital repairs 
yet attempted.

"Houston, Endeavor has a firm handshake with Mr. Hubble's telescope," Col.
Richard D. Covey of the Air Force, the shuttle commander, radioed to 
Mission Control in Houston after the robotic arm had grasped the 1.6 
billion telescope. 

The shuttle's successful rendezvous with the orbiting telescope was the 
first major step in a mission that could be fateful to both astronomy and 
NASA.

Installing new mirrors to overcome Hubble's blurred vision will return the
telescope to its full abilities, giving the astronomers a view almost to 
the edge of the universe. And such a highly visible success could boost 
the space agency's reputation at a time it is seeking support for building 
an international space station. 

Once the 13.5-ton telescope was securely berthed in the open cargo bay 
Saturday morning, it was ready for the astronauts to begin the first of 
their five space walks early Sunday morning. 

The schedule calls for Dr. Musgrave and Dr. Jeffrey A. Hoffman to replace 
failed gyroscopes, two electronic control units and some fuses. 

QUERY RESULTS: movie review

1. Dec. 2 1993 14:32 [78 lines] $1.00
In "A Dangerous Women," Debra Winger sinks deeply into the drab role of
Martha Horgan, a sheltered innocent living in a small California town.

2. Dec. 2 1993 14:23 [60 lines] $1.00
"Deception" is a fabulously farfetched story about the string of surprises
that leads Bessie Pare (Andie MacDowell) all over the world.

3. Nov. 26 1993 19:43 [49 lines] $1.00
"Twenty Bucks" follows a $20 dollar bill from the moment it's dispensed by an
automatic teller machine to its destruction months later. Along the way it
passes through the hands of dozens of individuals from all walks of life.

4. Nov. 23 1993 18:46 [48 lines] $1.00
("A Perfect World," a drama, is rated PG-13 for language and violence. It
received 3 and one-half stars out of 4.)
Clint Eastwood and Kevin Costner represent the best of Hollywood's stars who
entertain without sacrificing artistic integrity. In "A Perfect World," their
reputations remain intact.

5. Nov. 23 1993 18:46 [53 lines] $1.00
("GEORGE BALANCHINE'S 'NUTCRACKER,'" [illegible] dance film, is rated G. It
received [illegible] stars out of 4.)
A straightforward record of the annual Christmas show staged by the
New York City Ballet, "George Balanchine's 'Nutcracker,'" would have gone
directly to TV if not for the participation of

6. Nov. 23 1993 18:46 [60 lines] $1.00
("WE'RE BACK! A DINOSAUR'S STORY," an animated feature, is rated G. It received
2 stars out of 4.)
Kids won't even understand the best joke in the animated "We're Back! A
Dinosaur's Story." It has to do with a godlike time- and space-traveling

A DANGEROUS WOMAN

By JANET MASLIN 

The New York Times (Copyright 1993 The New York Times)

priority: Regular 

date: 12-02-93 1432EST 

category: Entertainment and Culture 

subject: BC WOMEN FILM REVIEW 



In "A Dangerous Women," Debra Winger sinks deeply into the drab role of
Martha Horgan, a sheltered innocent living in a small California town.

Characters like Martha have a way of attracting the storyteller's interest at a
very precise point in their lives. It is the moment just before the
character's peaceful existence is ruptured by some seismic force like sex
or death or a symbolic coming of age.

"A Dangerous Women" is soap opera enough to churn up all three.

With Ms. Winger's eerily convincing performance at its centerpiece, the film
creates a world of sexual chicanery that would do any television series
proud.

Martha is taken care of by aunt Frances (Barbara Hershey), a rich, beautiful
widow involved in an extramarital affair with a state assemblyman
(John Terry). That liaison starts off the film with a suitable bang, as the
assemblyman's wife (Laurie Metcalf) drunkenly drives her car into the widow's
front porch as a means of registering her irritation.

Martha, a fragile creature in a girlish nightgown and thick glasses,
watches this outburst in bewildered horror. But the film intends it as a
harbinger of Martha's own act of violence, which is already in the
works and will serve as

OPEN NETWORK PAYMENT SYSTEM FOR
PROVIDING FOR AUTHENTICATION OF 
PAYMENT ORDERS BASED ON A 
CONFIRMATION ELECTRONIC MAIL 
MESSAGE 

This application is a continuation of application Ser. No. 
08/563,745, filed Nov. 29, 1995 (now U.S. Pat. No. 5,724, 
424) which is a continuation of application Ser. No. 08/168, 
519, filed Dec. 16, 1993 (now abandoned). 

BACKGROUND OF THE INVENTION 

The recent rapid growth of information applications on 
international public packet-switched computer networks 
such as the Internet suggests that public computer networks 
have the potential to establish a new kind of open market- 
place for goods and services. Such a marketplace could be 
created with a network sales system that comprises a plu- 
rality of buyer and merchant computers, means for the users 
of the buyer computers to display digital advertisements 
from the merchant computers, and means for the users to 
purchase products described by the advertisements. 

A network based sales system will need to allow users to 
preview products at little or no cost, and will need to make 
a large number of product advertisements available in a 
convenient manner. In addition, the shopping system will
need to include easy-to-use facilities for a user to purchase
desired products using a merchant independent payment
method. In addition, the network sales system will need to allow new
buyers and merchants to enter the market. 

A central requirement for a marketplace is a payment 
mechanism, but at present no merchant independent pay- 
ment mechanism is available for computer networks that 
permits users to utilize conventional financial instruments 
such as credit cards, debit cards, and demand deposit 
account balances. We expect that both retail payment and 
wholesale payment mechanisms will be required for 
networks, with consumers using the retail mechanism for 
modest size purchases, and institutions using the wholesale 
mechanism for performing settlement between trading part- 
ners. For wide acceptance the retail mechanism will need to 
be a logical evolution of existing credit-card, debit-card, and 
Automated Clearing House facilities, while for acceptance 
the wholesale mechanism will need to be an evolved version 
of corporate electronic funds transfer. 

These problems have been approached in the past by
network based sales systems wherein, for example, each 
merchant maintains an account for each user. A user must 
establish an account with each merchant in advance in order 
to be able to utilize the merchant. The prior art network 
based sales systems are not designed to allow users to use 
their existing credit card and demand deposit accounts for 
payment, nor are they designed to allow for programs to be 
included in digital advertisements. 

Accordingly, therefore, it is a primary objective of this
invention to provide a user interactive network sales system 
in which the user can freely use any merchant of choice and 
utilize existing financial instruments for payment. Other 
objects include a network sales system which provides a 
high-quality user interface, which provides users with a 
wide variety and large volume of advertisements, which is 
easily extensible to new services, and which is easily 
expanded to new applications within the existing infrastruc- 
ture of the system. 

Still other objects of the invention are to provide a 
network payment system that will authorize payment orders 
and remove part of the risk of fraud from merchants.

An unavoidable property of public computer networks is that they are
comprised of switching, transmission, and host computer components
controlled by many individuals and organizations. Thus it is impossible
for a network payment system to depend upon a specified minimum required
degree of software, hardware, and physical security for all of the
components in a public network. For example, secret keys stored in a
given user's personal computer can be compromised, switches can be
tampered with to redirect traffic, and transmission facilities can be
intercepted and manipulated.

The risk of performing retail payment in a public network is compounded
by statutes that make a payment system operator in part liable for the
security lapses of its users. Existing Federal statutes in the United
States, including the Electronic Funds Transfer Act and the Consumer
Credit Protection Act, require the operator of a payment mechanism to
limit consumer liability in many cases. Payment system operators may have
other fiduciary responsibilities for wholesale transactions. Similar
responsibilities exist in other countries for retail and wholesale
transactions.

In existing credit card payment systems, a credit card's issuing bank
takes on the fraud risk associated with misuse of the card when a
merchant follows established card acceptance protocols. Acceptance
protocols can include verifying a card holder's signature on the back of
their card and obtaining authorization for payments over a certain value.
However, in network based commerce a merchant can not physically examine
a purchaser's credit card, and thus the fraud risk may revert to the
merchant in so called "card not present" transactions. Many merchants can
not qualify to take this risk because of their limited financial
resources. Thus the invention is important to allow many merchants to
participate in network based commerce.

Other objects of the invention include utilizing existing financial
instruments such as credit cards, debit cards, and demand deposit
accounts for merchant payments.

Existing network payment systems do not connect to the financial system
for authorization and are not compatible with conventional financial
instruments. Existing network payment systems include the Simple Network
Payment Protocol [Dukach, S., SNPP: A Simple Network Payment Protocol,
MIT Laboratory for Computer Science, Cambridge, MA, 1993.], Sirbu's
Internet Billing Server [Sirbu, M. A., Internet Billing Service Design
and Prototype Implementation, Information Networking Program,
Carnegie-Mellon University, 1993], and NetCash [Medvinsy, G., and Newman,
B. C., NetCash: A Design for Practical Electronic Currency on the
Internet, Proc. 1st ACM Conf. on Comp. and Comm. Security, November,
1993].

A further object of the invention is to allow users in an untrusted
network environment to use conventional financial instruments without
requiring modification to existing financial system networks.

The following definitions apply to the present invention. A principal is
a person, company, institution, or other entity that is authorized to
transact business as part of a network payment system. A payment order
describes the identity of a sender, a payment amount, a beneficiary, and
a sender unique nonce. A sender is a principal making a payment. A
beneficiary is a principal to be paid by the payment system. A sender
unique nonce is an identifier that is used only once by a given sender.
An example of sender unique nonces are unique timestamps. An external
account is an account that can be used to settle a payment order for
either a sender or a beneficiary in the external financial system.
Examples of
external accounts include demand deposit accounts and credit card
accounts. An external device is a physical object that is kept in the
possession of a user for the purpose of identifying the user.

A network payment system is a service that authorizes and executes
digital payment orders that are backed by external accounts. A payment
system authenticates a payment order, checks for sufficient funds or
credit, and then originates funds transfer transactions to carry out the
payment order. A payment system acknowledges acceptance or rejection of a
payment order. More than one payment system may exist on a given network,
and a given payment system may operate on more than one host to increase
its reliability, availability, and performance. An authenticator is a
digital value that is appended to a payment order and becomes part of the
payment order that authenticates the payment order as genuine.

SUMMARY OF THE INVENTION

The invention relates to a network sales system for enabling users to
purchase products using a plurality of buyer computers that communicate
over a network with a plurality of merchant computers. Each merchant
computer has a database of digital advertisements. Each digital
advertisement includes a price and a product abstract. Buyer computers
request, display, and respond to digital advertisements from merchant
computers. Users can purchase products with their buyer computers after
they have specified an account to pay for the purchase. A network payment
service is used to authorize the purchase before merchant fulfillment is
performed.

In a particular aspect of the invention, the merchant computer can
request account information when it is not provided by the buyer
computer. In another aspect of the invention, the buyer computer can
present to a merchant a pre-authorized payment order that is obtained
from a network payment system.

In another aspect of the invention, an electronic sales system contains
digital advertisements that include programs. The programs are executed
on behalf of a user by a buyer computer, and can lead to a purchase
request directed to a merchant computer that performs product
fulfillment.

In another aspect of the invention a network payment system executes
payment orders. A payment order includes a sender, a beneficiary, a
payment amount, and a nonce identifier. A payment order is signed by a
client computer with an authenticator that is checked by the payment
system. Payment orders are backed by accounts in the banking system and
are authorized by the network payment system by sending messages into a
financial authorization network that knows the status of these accounts.
The payment system accomplishes settlement by sending messages into an
existing financial system network.

In another aspect, payment orders are authenticated based on the delivery
address they specify. In another aspect, the payment system will specify
in its authorization legal delivery addresses. In another aspect,
authenticators for payment orders are based on one-time transaction
identifiers that are known only to the user and the payment system. In
another aspect, payment orders for a given sender are only accepted from
certain client computer network addresses. In another aspect, the network
payment system sends messages into a financial authorization system in
real-time before the network payment system will authorize a payment
order.

BRIEF DESCRIPTION OF THE DRAWINGS

Other objects, features, and advantages of the invention will appear from
the following description taken together with the drawings in which:

FIG. 1 is a block diagram of a typical network sales system in accordance
with the invention;

FIG. 2 is a screen snapshot of a buyer computer display of an overview
page from a merchant computer;

FIG. 3 is a screen snapshot of a buyer computer display of a page of
advertisements from a merchant computer;

FIG. 4 is a screen snapshot of a buyer computer display of an account
query page;

FIG. 5 is a screen snapshot of a buyer computer display of a fulfillment
page;

FIG. 6 is a flow chart illustrating the processing of a sale between a
buyer computer and a merchant computer;

FIG. 7 is a flow chart illustrating the alternate processing of payment
order means for obtaining missing payment information;

FIG. 8 is a screen snapshot of a buyer computer display [illegible] page
from a merchant computer that contains [illegible];

FIG. 9 is a screen snapshot of a buyer computer display of digital
advertisements in response to a user's query;

FIG. 10 is a screen snapshot of a buyer computer screen of a purchase
confirmation;

FIG. 11 is a screen snapshot of a buyer display of a fulfillment page
like FIG. 5;

FIG. 12 is a flow chart illustrating an alternate processing of a sale
between a buyer computer and a merchant computer where a payment order is
pre-authorized;

FIG. 13 is a block diagram of a typical network payment system in
accordance with the invention;

FIG. 14 is a flow chart illustrating the authentication, authorization,
and settlement of a payment order;

FIG. 15 is a flow chart illustrating an alternate processing of
authentication and verification of a payment order where transaction
identifiers are used; and

FIG. 16 is a flow chart illustrating an alternate processing of the
authorization of a payment order where real-time approval from the
financial authorization network may not be obtained.

DESCRIPTION OF A PARTICULAR PREFERRED EMBODIMENT

A network sales system 200 as shown in FIG. 1 employs a network
[illegible] to interconnect a plurality of buyer computers [illegible]
62, merchant computers 63 and 64, each merchant [illegible] respective
digital advertisement databases 65 [illegible] computer to retrieve
advertisements from the merchant computers, and to purchase goods of
interest, a payment computer is used to authorize a purchase transaction.

A digital advertisement includes a product description and a price. In
digital advertisement database 65 prices and descriptions may be stored
separately, and one price may apply to many product descriptions.

In an alternate embodiment, the network sales system further includes
external devices that are kept in the possession of users so that the
users can authenticate themselves when they use a buyer computer.

The software architecture underlying the particular preferred embodiment
is based upon the hypertext conventions of the World Wide Web. Appendix A
describes the Hypertext Markup Language (HTML) document format used to
represent digital advertisements. Appendix B describes the HTML forms
fill out support in Mosaic 2.0, Appendix C is a description of the
Hypertext Transfer Protocol (HTTP) between buyer and merchant computers,
and Appendix D describes how documents are named with Uniform Resource
Locators (URLs) in the network of computers. A document is defined to be
any type of digital data broadly construed, such as multimedia documents
that include text, audio, and video, and documents that contain programs.

FIG. 2 shows an overview screen that has been retrieved from a merchant
computer by a buyer computer and displayed by the buyer computer. It
includes links 1, 2, and 3 that when activated by a user cause the
buyer's computer to take specified actions. In the case of link 1, the
document shown in FIG. 3 is retrieved from a merchant computer and
displayed. In the case of link 2, a short audio segment is retrieved from
a merchant computer and played. In the case of link 3, the query that can
be entered into the query dialog box 4 is sent to a merchant computer,
and a document is retrieved from the merchant computer and displayed.

FIG. 3 shows a document that contains three digital advertisements. The
digital advertisements have been retrieved from the merchant computer
after the activation of link 3. The merchant computer may set the prices
contained in the advertisements based on the identity of the user as
determined, for example, by the network address of the requesting buyer
computer. The document includes links 5, 6, and 7 that are used to
purchase the products described by the advertisements. For example, if
link 5 is activated the missing payment information document shown in
FIG. 4 is retrieved from the merchant computer and displayed.

FIG. 4 is a missing payment information document that is used to gather
user account information for the requested purchase in an HTML form.
Radio buttons 8, 9, 10, 11, 12 are used to select a means of payment,
dialog box 13 is used to enter an account number, dialog box 14 is used
to enter an optional authenticator for the account, purchase button 15 is
used to send the account information to the merchant computer and proceed
with the purchase, link 16 is used to abort the purchase and return to
the document shown in FIG. 2, and dialog box 17 is used to enter optional
user information that is associated with the purchase and ultimately used
by a financial institution as part of a textual billing identifier for
the purchase transaction. If provided, this additional information is
included in the payment order for the purchase.

FIG. 5 is a fulfillment document 18 that is produced once valid account
information is provided to the missing payment information document in
FIG. 4 and purchase button 15 is activated.

FIG. 6 is a flowchart that more fully describes the information flow in
the purchase transaction shown in FIGS. 2 to 5. An initial user inquiry
19 from activating link 1 results in the HTTP request 20 for a specific
document with a specified URL. The URL specifies the name of the merchant
computer. The merchant computer retrieves the document given the URL at
21, and returns it to the buyer computer at 22. The buyer computer
displays the resulting HTML document at 23. When the user activates link
5, an HTTP request 25 is sent to the merchant computer requesting the
document.

In an alternate embodiment, document 22 is executed at 23 as a program. A
program is defined as a set of instructions that can exhibit conditional
behavior based upon user actions or the environment of the buyer
computer. As is known to those skilled in the art, there are many
techniques for representing programs as data. The program can be
interpreted or it can be directly executed by the buyer computer. The
program when executed will cause the buyer computer to interact with the
user leading to the user purchase request 24, and the purchase message
25.

The merchant computer then attempts to construct a payment order at 26
using the information it has gathered about the user. The buyer computer
may have previously supplied certain credentials using fill out forms or
other account identification means such as providing the network address
of the buyer computer in the normal course of communication. If the buyer
computer is able to construct a complete payment order at 26 the payment
order is sent to a payment computer for authorization at 27. If a payment
order can be constructed, processing continues at 28.

Alternatively, the buyer computer may construct the payment order at 24
and send it to the merchant computer at 25. In this case, the payment
order assembly steps at 26, at the merchant computer, may only need to
forward the payment [illegible] computer.

A payment order includes user account information, merchant account
information, an amount, and a nonce identifier that has not been
previously used for the same user account. Variations of payment orders
can be constructed, including payment orders that specify user or
merchant identifiers in place of account information, payment orders that
specify a valid time period, payment orders that specify foreign
currencies, and payment orders that include comment strings. Part of the
process of constructing a payment order is creating a corresponding
authenticator using one of the authenticator methods described below.

In the illustrated embodiment of FIGS. 3 and 4, the merchant computer
does not have sufficient information to construct a payment order at 26
and thus at 33 (FIG. 7) constructs and returns a missing payment
information document in response to request 25. Operation 33 includes in
the constructed document appropriate form fields based on what
information the merchant computer has already collected from the user.
The document is returned to the buyer computer at 34 and is displayed at
35. When the user presses the purchase button 15, the contents of the
form are transmitted to the merchant computer, at 36, to a specific URL
name, using an HTTP request. Based on the supplied form fields, the
merchant computer constructs a complete payment order. Alternatively, the
buyer computer may construct the payment order at 35 and send it to the
merchant computer as part of step 36. In this case, the payment order
assembly steps 37 at the merchant computer simply passes on the payment
order from the buyer computer. The payment order is sent to the payment
computer in a message at 38.

In either case, the flowchart continues in FIG. 6 where the payment
computer checks the authorization of the payment order at 28. If the
payment system authorizes the request, an authorization message at 29 is
returned to the buyer computer, and the merchant computer checks at 30
that the authorization message came from the payment computer using the
authenticator mechanism described below. Assuming that the authorization
message is valid, the merchant computer performs fulfillment at 30,
returning the purchased product in response at 31. In our example in FIG.
5 the response at 31 is document 18 that was the logical target of link
5. If the payment system does not authorize the payment order then
response 31 is a rejection of the user's purchase request.

In an alternate embodiment, step 30 can encrypt the document using a key
that is known to the buyer computer.





6,049,785 


As is known to those skilled in the art, the key can be communicated to
the merchant computer using conventional key distribution protocols. In
this manner the document will be protected from disclosure to other
users.

The fulfillment step at 30 can alternatively schedule a physical product
to be shipped via ordinary mail or other means. This can be accomplished
by updating a fulfillment request database or by sending a message to a
shipping system. In this case the response at 31 is a confirmation that
the product has been scheduled to ship. In this way the [illegible]

FIGS. 8, 9, 10, and 11 show a second example that uses query based access
to digital advertisements. It is assumed that the previous example was
used by the user immediately before at the same buyer computer.

FIG. 8 shows the overview screen where the query "movie review" has been
entered into dialog box 39. When the user activates process button 40,
the merchant searches databases as described by the URL attached to
button 40, and creates a response document as shown in FIG. 9.

FIG. 9 shows digital advertisements 39, 40, 41, 42, 43, and 44 that were
found in response to the q[illegible] button 40. A scroll bar 45 shows
that there are additional digital advertisements that are not shown. When
link 46 is activated, the missing account information document shown in
FIG. 10 is returned by the merchant computer.

FIG. 10 shows that the merchant computer has partial information on the
buyer's account. Message 47 shows that the merchant computer already
knows the buyer's account number. Purchase button 48 will send the
optional user reference string in dialog box 50 to the merchant computer
described by the URL behind button 48 and purchase the product
corresponding to digital advertisement 39. Cancel link 49 will return the
user to the document shown in FIG. [illegible]

When purchase button 48 is activated, a document 51 is sent by the
merchant computer and displayed by the buyer computer as shown in FIG.
11.

FIG. 12 shows an alternative method of processing a sales transaction. In
this method when the user requests a pur-

nect a plurality of client computers 70 and 71, and a plurality of
payment computers such as 72, each payment computer having an account
database 73, a settlement database 74, an authorized address database 75,
a sender credential database 76, a financial system interface 77, and a
real-time authorization interface 78. The interfaces 77 and 78 may be
implemented by a single communications line.

In an alternate embodiment, the network payment system further includes
external devices that are kept in the possession of users so that the
users can authenticate themselves when they use a buyer computer.

Account database 73 maintains temporal spending amounts, such as the
amount spent in the current day, and maintains temporal spending limits.
The account database [illegible] maintain a translation between principal
identifiers and external account identifiers. Settlement database 74
records committed payment orders along with any authorization information
for the orders that was obtained from [illegible]. Address database 75
maintains for each principal a list of authorized buyer computer and
delivery addresses. Credential database 76 maintains a list of
credentials [illegible] information that can be used to authenticate
principals.

FIG. 14 is a flowchart that describes the operation of the payment
system. A client computer 71 constructs a payment order at 79, and
computes and adds an authenticator to the payment order at 80. The
payment order is sent at 81 to a payment computer, where the
authenticator is verified at 82 to ensure that the payment order was
originated by the sender it describes. Below we present different means
of implementing 80 and 82.

If the payment order is authentic and address restrictions are desired,
at 83, either or both of the client computer address or the specified
delivery address can be checked against address database 75. If address
restrictions are desired and if the addresses in the payment order are
not in the database, the payment computer sends a rejection message to
the client computer. Address database 75 specifies, for each principal,
acceptable client computer addresses and delivery addresses. A delivery
address can be a network address, or a street address for packaged goods.
As is known

chase at 52, the buyer computer constructs a payment order in the art, database 75 can include wild-card specifications 

at 53 and sends it for approval to the payment computer at and similar techniques to reduce its size. For example, 

54. The payment computer authorizes the payment order at database 75 could contain an entry for principal identifier 

55; and when the payment order is authorized, returns an 45 "*@acme .com" restricting legal delivery addresses to "com- 

unforgable certificate at 56 that the payment order is valid. puter: *.com", "computer: cmu.edu", and "surface: *, 34 

Means of creating such unforgable certificates are described Main Street, Anytown, USA", indicating that any user at the 

in authenticator method number one below. If at step 55 the company Acme can order products to be delivered to the 

payment order is not authorized, a rejection message is sent network address at Acme or the university CMU, or to 

at 56 and the sales transaction is terminated. 50 anyone at 34 Main Street, Anytown, USA. 

The buyer computer then proceeds at 57 to send a If payment order address restrictions are not desired or 

pre-authorized purchase request to the merchant computer. have been checked, processing continues at 84 where the 

The unforgable certificate 56 is included in a purchase payment order is checked for replay and temporal spending 

message at 57 that is sent at 58 to the merchant computer. limits. Replay is checked for by making sure that the sender 

Based upon the pre-authorized payment order the merchant 55 did not previously present a payment order with the same 

computer performs fulfilhnent at 59 and returns the product nonce by checking an index of committed payment orders 

at 60. In a variation, the merchant computer at 59 checks to by nonce in settlement database 74. If nonces are based on 

ensure the payment order has not been previously used. This time, then a payment order that is older than an administra- 

can be accomphshed by checking with a payment computer lively determined value can be rejected out of hand. Time 

or maintaining a merchant computer database of previously 60 based nonces or sequential nonces permit old nonces to be 

accepted payment orders. The unforgable certificate created removed fi-om the settlement database 74. If a payment order 

at step 56 does not need to include the user account has been previously processed or its nonce is too old, the 

information. This variation is useful if the user wishes to payment order computer sends a rejection message to the 

make purchases and remain anonymous to the merchant. cfient. 

A Network Payment System 65 After the payment order passes the replay check, temporal 

A network payment system 300 as shown in FIG. 13, spending Umits are checked in account database 73. These 

employs a public packet-switched network 69 to intercon- spending limits can be applied on a per sender, per group of 
senders, and per payment system basis to limit fraud risk. The limits can be applied to any duration of time, for example a maximum spending amount per hour or per day. If the payment order would violate a spending limit, the payment computer sends a rejection message to the client.

Once the payment order passes the temporal spending check at 84, a message is constructed at 85 to check that the external account that backs the sender's payment system account has adequate funds or credit. If the sender identifier in the payment order is not already an account number in the external financial system, it is translated into a corresponding account number in the external financial system using account database 73. A real-time authorization request message is sent at 86 to the external financial system over interface 78. If the external financial system approves authorization request 86, an authorization message is returned at 87. If request 86 is not approved, the payment computer sends a rejection message to the client at 87.

In a variation of the above described approach, processing continues at 95 after 84. At 95 real-time authorization is only obtained when the total of a sender's payments since the last real-time authorization reaches a preset value, or the payment order is over a preset amount. These preset values can be optionally recorded on a per principal basis in database 73 or can be administratively determined for all principals. In this manner, the number of messages to the external financial system can be reduced. In addition, the payment system can avoid making real-time authorization requests for small payments when the risk is acceptable to the payment system operator. If real-time authorization is necessary, processing continues at 85 after 95. If real-time authorization is not necessary for a request, at 100 the payment order amount is added to the sender's total of payments since the last real-time authorization in database 73, and processing continues at 88.

In another variation after 100 a check is made at 101 in database 73 to see if a background authorization process should be scheduled. A background authorization process permits the payment computer to continue its normal processing while it checks with the financial authorization network on the sender's account. This mechanism can be used to limit payment system risk. If the background authorization fails, the account is suspended by so updating database 73. If the sender's total of payments since last authorization is over a preset value stored in 73 then a background authorization process is scheduled at 102. Otherwise processing continues at 88.

In another variation, at 95 and 101 authorizations are obtained based on the amount spent since last authorization and time since last authorization.

At 88 the payment order is committed to execution and is recorded in settlement database 74. Recorded with the payment order in database 74 are portions of authentication message 87 that show that the payment computer contacted the remote financial system. The amount of the payment order is added to running temporal spending records in database 73, and an authorization message is sent to the client computer at 90. The authorization message includes the payment order. In an alternate embodiment, at 90 the authorization message contains a truncated payment order that includes at least the payment order's sender and the payment order's unique nonce.

In an alternate embodiment, the authorization message sent to the client at 90 includes at least one legal delivery address for the sender as determined from database 75.

Authorization message 90 must be transmitted in such a way that the client computer can be sure that it came from the payment computer. At 89 a payment system specific authenticator is added to the payment order. At 91 this authenticator is checked by the client computer. The steps at 89 are a dual of step 80, and the steps at 91 are a dual of step 82. The authentication means for steps 89 and 91 are described below.

Finally, settlement is performed at 92 in the external financial system 77 between external accounts that correspond to the sender and the beneficiary. If settlement is accomplished as part of real-time authorization at steps 86 and 87, as may occur in a real-time debit network, then no other steps need to be taken. If settlement is not accomplished as part of the authorization process, then financial system messages are sent to interface 77 to effect settlement. Depending on the external accounts involved, these messages may include electronic funds transfer messages or automated clearinghouse messages.

In an alternate embodiment, at 92 settlement messages are sent to reconcile net transfer balances between principals on a temporal basis, for example once a day. In this embodiment the number of settlement messages can be less than the number of payment orders.

Authenticators may be created and checked using one of the following methods. The payment computer can use any of the first four methods, and the client computer can use any of the methods described.

In a first method for authenticators, at steps 80 or 89, a digest of the payment order is signed by the sending computer using a public-key cryptographic system such as RSA. This signature is used as the authenticator. As is well known in the art, the signing can be accomplished using a private key created from a public-key pair, where the signing key is only known by the signer, and the other public key is known to the receiving computer. At the payment computer the public key corresponding to each sender is kept in credential database 76. The private key for the payment service is also kept in database 76. At steps 82 or 91, the signature of the received message is checked using the public key known to the receiving computer.

In a second method for authenticators, at steps 80 or 89, a digest of the payment order is signed by the sending computer with a private key cryptosystem such as DES. This signature is used as the authenticator. At the payment computer, the private key corresponding to each sender is kept in credential database 76. At step 80, a digest of the payment order is signed by the client computer, and at step 89 a digest of the payment order with an added approval code is signed by the payment computer using the same private key. At steps 82 or 91, the signature of the received message is checked using the shared private key.

In a third method for authenticators, at step 80 the authenticator is computed by a protected device external to the system such as a Smart-Card. A protected device is specifically designed to be extremely difficult both to replicate and to compromise. In this method, the payment order is communicated at 80 to a Smart-Card. The Smart-Card computes and signs a digest of the payment order, and then communicates the signature back at 80 to be used as an authenticator. A Smart-Card produced authenticator uniquely associates a payment order with its creating Smart-Card. This is accomplished by having the Smart-Card contain a secret key "K" that is used to create a digital signature of the payment order. "K" is never released outside of the Smart-Card. The Smart-Card is designed to make it computationally infeasible to compute "K" even with possession of the device. In this method, at step 82, a signature checking key from database 76 is used to check the authenticator. In an alternate embodiment, a user must manually signal their acceptance of each payment order on an input device that is part of the external device before the authenticator is created by the external device.

In a fourth method for authenticators, at steps 80 or 89, a network address is used as an authenticator. At steps 82 or 91, a digest of the payment order is sent back to the specified network address along with a random password. The computer at the specified network address must then return the payment order digest along with the password. If the network guarantees to deliver messages to the proper network address, this method will guarantee that the user or computer at the specified network address approves of the payment order. Assuming that network delivery is trusted, this method can be used to authenticate a sender computer's network address in a payment order. Alternatively, electronic mail can be used to send such confirmation messages between a user and the payment system.

In a fifth method for authenticators, at step 80, the authenticator is produced by an external device that produces a sequence of non-predictable transaction identifiers that are device specific. The authenticator is entered by the user into the client computer by reading its display. One such device is described in U.S. Pat. No. 4,856,062. According to this method, at step 91, the authenticator can be checked using the sender specific fixed code of the device which is kept in database 76. This sequence of steps is also shown in FIG. 15 at steps 93 and 94.

In a sixth method for authenticators, at step 80, the authenticator is obtained by querying the user for a transaction identifier that is the next string from a physical list of one-time authorization strings. Such a list could be produced on a card, and the user can cross off authorization strings as they are used. According to this method, at step 91, the authenticator is checked against the next expected string from the sender using database 76. Database 76 can hold for each sender a list of random authorization strings, or can hold a sender specific secret key that was used to generate the list of authentication strings along with how many strings have been used so far. This sequence of steps is also shown in FIG. 15 at 93 and 94.
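
The key-derived variant of the sixth method, as an added example that is not the patent's own code: database 76 holds a sender specific secret and a count of strings used so far, and the next expected string is recomputed on each check. HMAC-SHA256, the 8-character base32 encoding and every name below are assumptions, since the patent names no generation function.

```python
import base64
import hashlib
import hmac


def auth_string(secret: bytes, index: int) -> str:
    """The index-th one-time string: a truncated keyed digest of the index."""
    mac = hmac.new(secret, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return base64.b32encode(mac[:5]).decode()  # 5 bytes encode to 8 characters


def print_card(secret: bytes, count: int) -> list:
    """The physical list given to the user, in the order it must be used."""
    return [auth_string(secret, i) for i in range(count)]


class CredentialDatabase:
    """Stand-in for database 76: per sender, the secret and the used count."""

    def __init__(self):
        self._senders = {}

    def enroll(self, sender: str, secret: bytes) -> None:
        self._senders[sender] = {"secret": secret, "used": 0}

    def check(self, sender: str, presented: str) -> bool:
        entry = self._senders.get(sender)
        if entry is None:
            return False
        expected = auth_string(entry["secret"], entry["used"])
        # Only the next expected string is accepted; compare in constant time.
        ok = hmac.compare_digest(expected.encode(),
                                 presented.strip().upper().encode())
        if ok:
            entry["used"] += 1  # crossed off on the server side as well
        return ok


def demo():
    """Constructed sample data: one sender, a three-string card."""
    secret = b"constructed-sender-secret"
    db = CredentialDatabase()
    db.enroll("alice@acme.com", secret)
    card = print_card(secret, 3)
    return [
        db.check("alice@acme.com", card[1]),  # skipped ahead on the card
        db.check("alice@acme.com", card[0]),  # next expected string
        db.check("alice@acme.com", card[0]),  # same string presented again
        db.check("alice@acme.com", card[1]),  # now the next expected string
    ]
```

Because a failed check leaves the counter unchanged, the user's card and database 76 stay in step as long as strings are crossed off only after an accepted payment order.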

In a seventh method for authenticators, at step 80 the authenticator is a previously obtained personal identification number (PIN) for the user. In this method, at 91 the authenticator is checked against the expected PIN for the sender using database 76.

As will be obvious to one skilled in the art, any of the methods for creating authenticators can be used together to increase system security. For example, authenticator method six can be used to create an authenticator based on a transaction identifier, and then a payment order including a transaction identifier can be given a further authenticator using authenticator method one. In this example the resulting authenticators would be checked with their respective methods.

A digest of a payment order can be created with an algorithm such as MD5 [R. Rivest, The MD5 Message-Digest Algorithm, MIT Laboratory for Computer Science, Network Working Group Request for Comments 1321]. Alternatively, a digest can be the entire payment order or other functions of the payment order's component parts.
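
The payment computer's checks at steps 82 to 84 (authenticator, address restriction, replay, temporal spending limit), as an added example that is not the patent's own code. HMAC-SHA256 stands in for the shared-key digest signature of the second method; the field names, the 300-second nonce window, the per-day limit and the sample data are assumptions.

```python
import hashlib
import hmac
import json
from fnmatch import fnmatchcase

MAX_NONCE_AGE = 300  # seconds; stands in for the administratively determined value


def authenticator(order, key):
    """Steps 80/82: keyed digest over a canonical encoding of the payment order."""
    canonical = json.dumps(order, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


class PaymentComputer:
    def __init__(self, credentials, addresses, daily_limits):
        self.credentials = credentials    # database 76: sender -> shared key
        self.addresses = addresses        # database 75: principal pattern -> address patterns
        self.daily_limits = daily_limits  # database 73: sender -> cents allowed per day
        self.spent = {}                   # database 73: (sender, day) -> cents spent
        self.committed = {}               # database 74 index: (sender, nonce) -> order time

    def _address_ok(self, sender, address):
        return any(fnmatchcase(sender, principal)
                   and any(fnmatchcase(address, p) for p in allowed)
                   for principal, allowed in self.addresses.items())

    def process(self, order, auth, now):
        key = self.credentials.get(order["sender"])
        # Step 82: recompute the authenticator and compare in constant time.
        if key is None or not hmac.compare_digest(authenticator(order, key), auth):
            return "reject: authenticator"
        # Step 83: the delivery address must match an entry for this principal.
        if not self._address_ok(order["sender"], order["delivery"]):
            return "reject: address"
        # Step 84, replay: stale time-based nonces are rejected, so old entries can be pruned.
        if abs(now - order["time"]) > MAX_NONCE_AGE:
            return "reject: nonce too old"
        self.committed = {k: t for k, t in self.committed.items()
                          if now - t <= MAX_NONCE_AGE}
        replay_key = (order["sender"], order["nonce"])
        if replay_key in self.committed:
            return "reject: replay"
        # Step 84, temporal spending limit, here per sender per day.
        day = int(now // 86400)
        total = self.spent.get((order["sender"], day), 0) + order["amount"]
        if total > self.daily_limits.get(order["sender"], 0):
            return "reject: spending limit"
        # Step 88: commit. External authorization (steps 85 to 87) is omitted.
        self.committed[replay_key] = order["time"]
        self.spent[(order["sender"], day)] = total
        return "authorized"


def demo():
    """Constructed sample data; the key, limit and orders are illustrative."""
    key = b"constructed-demo-key"
    pc = PaymentComputer(
        credentials={"alice@acme.com": key},
        addresses={"*@acme.com": ["computer: *.com", "computer: cmu.edu",
                                  "surface: *, 34 Main Street, Anytown, USA"]},
        daily_limits={"alice@acme.com": 5000},
    )
    order = {"sender": "alice@acme.com", "beneficiary": "merchant-1", "amount": 3000,
             "nonce": "n-0001", "time": 1000, "delivery": "computer: cmu.edu"}
    auth = authenticator(order, key)
    second = dict(order, nonce="n-0002", time=1010)
    return [
        pc.process(order, auth, now=1005),                         # first presentation
        pc.process(order, auth, now=1006),                         # same nonce again
        pc.process(dict(order, amount=1), auth, now=1007),         # altered amount
        pc.process(second, authenticator(second, key), now=1012),  # exceeds daily limit
    ]
```

The authenticator is checked before the replay index is consulted, so an altered order cannot be used to probe which nonces have already been committed.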

In addition, in both the sales and payment systems alternate authenticator techniques can be used such as those described by Voydock and Kent in "Security Mechanisms in High-level Network Protocols", Computing Surveys Vol. 15, No. 2, June 1983. As will be appreciated by those skilled in the art, two-way authenticated byte-stream or remote procedure call interface connections that protect against replay can replace our message based authenticators.

Additions, subtractions, deletions, and other modifications of the described embodiment will be apparent to those practiced in the art and are within the scope of the following claims.

What is claimed is: 

1. An open network payment system for transferring funds having real monetary value from a sender to a beneficiary, comprising:

a plurality of client computers; and

a payment computer;

the client computers and the payment computer being interconnected by a public packet switched communications network;

at least one of the client computers being programmed to construct a payment request specifying a payment amount to be transferred from a sender to a beneficiary, and to cause the payment request to be transmitted to the payment computer over the public packet switched communications network;

the payment computer being programmed to transmit a confirmation request message, over the public packet switched communications network, to one of the client computers that corresponds to a network address of the sender of the payment amount, and the client computer that corresponds to the sender of the payment amount being programmed, in response thereto, to transmit a confirmation message to the payment computer by electronic mail, in order to guarantee that the sender approves of the payment request;

the payment computer being programmed to cause funds having real monetary value to be transferred from the sender to the beneficiary conditioned on the payment request having been authorized based on an external credit card account or an external demand deposit account having sufficient funds or credit of real monetary value available to the sender.

2. A method of transferring funds having real monetary value from a sender to a beneficiary using a network payment system comprising a plurality of client computers and a payment computer interconnected by a public packet switched communications network, and comprising the steps of:

constructing a payment request at one of the client computers specifying a payment amount to be transferred from a sender to a beneficiary, and causing the payment request to be transmitted to the payment computer over the public packet switched communications network;

transmitting a confirmation request message over the public packet switched communications network from the payment computer to one of the client computers that corresponds to a network address of the sender of the payment amount, and, in response thereto, transmitting a confirmation message to the payment computer by electronic mail from the one of the client computers, in order to guarantee that the sender approves of the payment request; and

causing funds having real monetary value to be transferred from the sender to the beneficiary conditioned on the payment request having been authorized based on an external credit card account or an external demand deposit account having sufficient funds or credit of real monetary value available to the sender.

3. The method of claim 2 wherein:

the confirmation request message comprises a password; and

the method further comprises the step of responding to the confirmation request message by transmitting the password from the client computer back to the payment computer as at least part of the confirmation message.

4. The method of claim 2 wherein:

the client computer that corresponds to the sender of the payment amount is a buyer computer programmed to transmit a purchase message, in response to a user request, over the public packet switched communications network to at least one of a plurality of merchant computers; and

at least one of the merchant computers is programmed to receive the purchase message, and to cause a product to be sent to a party conditioned on a purchase transaction having been authorized in real time by the payment system through authorization of the payment request.

5. The method of claim 4 wherein the client computer programmed to construct the payment request is the client computer that corresponds to the sender of the payment amount.

6. The method of claim 4 wherein the client computer programmed to construct the payment request is one and the same with the merchant computer that receives the purchase message.

7. The method of claim 2 wherein the payment computer is programmed to cause a message to be transmitted into a financial authorization network external to the public packet switched communications network, in order to verify in real time that the sender has adequate funds or credit having real monetary value, and to receive an authorization from the financial authorization system in response to the message.

8. The method of claim 2 wherein the payment computer is programmed to cause information pertaining to the payment request and authorization to be recorded.

9. The method of claim 8 wherein the information pertaining to the payment request message and authorization is recorded in a settlement database.

10. The method of claim 2 wherein the payment computer is programmed to cause the funds to be transferred conditioned on at least one message transmitted over the public packet switched communications network in connection with transfer of the funds not being a replay of a message previously transmitted over the public packet switched communications network.

11. The method of claim 2 wherein the payment request comprises at least one digital signature of components that include components derived from the payment request, at least one of which digital signatures protects the payment request from forgery, including authenticating an identity of one of a plurality of principals as an originator of the payment request, at least one of which digital signatures protects the payment request from replay attack, and at least one of which digital signatures is computed based on a principal-specific secret key.

* * * * *